4 Questions IT Pros Should Be Asking at RSA 2023

I’m looking forward to the upcoming RSA Conference, April 24-27 in San Francisco, not so much to visit a lot of booths and hear about the latest cybersecurity innovations—although clearly that’s a big part of it. What I’m most excited about is talking to fellow cybersecurity professionals, those on the front lines who protect businesses, governments and other organizations from the latest threats.

There’s a lot that I want to learn and hear more about, and I think many of the tens of thousands of cyber and IT pros on hand should feel the same. With that in mind, here are four questions that I think IT pros should ask if they’re attending this year’s conference—because I think the answers are out there.

1. What’s Next for Cybersecurity Analysts?

The cybersecurity analyst role is evolving and expanding – it’s one of the chief reasons we’ll be refreshing the CompTIA Cybersecurity Analyst (CySA+) certification exam in June. There will be several sessions at RSA around the cyber workforce and talent gaps—what’s missing inside an organization. I think that’s something worth paying attention to. I want to hear what people are talking about because more and more organizations are looking for cyber analysts. It’s not just the tech industry, but all businesses. We should be looking to hear what attendees’ reactions are and how they’re thinking about the cyber workforce as this is an issue everyone is facing.

2. How Can I Broaden My Cyber and IT Knowledge Base?

A lot of people know (or can learn) the various cybersecurity platforms in the market, but what’s missing for many is a broader, foundational knowledge of how cybersecurity and IT fit together and how that’s changing. What does the security analyst landscape or engineer landscape look like? What things should they be involved in as part of a small organization vs. a larger organization vs. a vendor vs. an MSP? They all have distinct roles but if they have a broader foundational knowledge and understand how all these pieces plug in, it becomes easier for the individual. RSA is a perfect opportunity to learn how these areas fit together.

I think that’s a big opportunity. Look to your internal staff to address your cyber needs. People working in server admin, network support or on a help desk have institutional knowledge in your organization. That is valuable and they can slide into a cybersecurity role with some training and certifications. It’s easier to find someone to fill a help desk job or an engineer than a cyber position.

3. How Can I Cut Through the AI/ChatGPT Hype?

I’ve been watching the artificial intelligence (AI), machine learning (ML), ChatGPT news pretty closely. I’m curious to hear more about it, but also to get through all the hype—and there is a lot of hype out there about ChatGPT and Microsoft and Google’s chat. The ability to understand the facts from the fluff is something that everybody needs to know. Cybersecurity and IT pros need to understand what a large language model (LLM) is, what it does and how it could benefit them. There’s a lot of misunderstanding out there. Many people think AI is something from Terminator or 2001: A Space Odyssey. The reality is they are regurgitation machines, and everything is dependent on what you input into it. These platforms can be helpful if used correctly, but privacy and confidentiality are some of the top concerns we should have, along with accuracy. AI chatbots have been around for a long time and the new generations have made many improvements in natural language processing, but just because a chatbot returns a response with authority doesn’t make it correct.

From an IT perspective, one positive that we’ll probably start to see quickly are some innovations through APIs and things like Slack or Teams, help desk ticket systems and plug-ins into email or desktop productivity apps like Word, PowerPoint or Excel. These things will be useful for technical people who are used to speaking in very detailed terms with a lot of acronyms. They can be very good at converting that style of writing into something more easily understood by the average user in an organization. The key is to read over the response and ensure it’s accurate.

IT professionals should be aware of what AI/ML and LLMs are and have a basic understanding of how they work as well as what risks and benefits they can offer. They aren’t going away.

4. What Trends Will People Be Talking About?

There’s a wide variety of topics that will be covered – just in the keynote sessions alone. I’m looking forward to Lisa Monaco, the deputy U.S. attorney general, talk about evolving cyber threats, and cybersecurity as part of responsible AI. Plus I’ll sit in on anything Bruce Schneider talks about and absorb that. One thing I’m not going to RSA to learn about is what hackers are up to next. That’s happening all the time and you should be keeping up with that 365 days a year. There’s a lot of opportunities to learn more about the cyber workforce—where the skills gaps lie and how we can all help fill them. I think that’s going to be important not just for CompTIA and the IT industry, but for every organization.

Ron Culler is vice president, cyber development programs, CompTIA.